Arguably the most important piece in the security of private information puzzle is secure and protected passwords. According to Intel Security: A Five-Year Look Ahead, IoT devices will grow from 15 billion in 2015 to a massive 200 billion by 2020. With cybersecurity threats on the rise and more employees working from home on portable devices, keeping confidential data safe is crucial to the security of any organization.
What is a Password?
A password is described as ‘a secret word or phrase that must be used to gain admission to a resource.’ In the technology realm, a password is a ‘string of characters that allow access to a computer, interface, or system.’
Passwords are the equivalent of locking your doors at home. Would you feel safe leaving the front door to your home unlocked? The key or code grants you access to the valuables inside. The same can be said about password security.
According to SplashData: 2015 Worst Passwords List, the top 10 most insecure passwords as of 2015 are as follows:
2015 Top 10 Most Insecure Passwords
It comes as no surprise that according to a poll of 2,000 consumers conducted by TeleSign, 8 in 10 people are worried about their online security.
How to Create a Secure Password
Common requirements for password creation are that they should fulfill a standard complexity. Passwords should consist of at least eight characters, including one caPital letter, one numb3r, and one specia! character. For example, if you apply these rules to a simple password like ‘applepie’, the simple password is then transformed to aPpL3p!e.
As an IT professional, my recommendation is to create a passphrase rather than a password. A password entails the use of one word in order to protect important user information. Whereas a passphrase involves the use of several words or a sentence to create something with a greater degree of security.
For example: the password ‘work is fun for me’ is a secure password if represented with 3 capital letters, 4 numbers, and one special character: W0rk1$Funf0rM3. If you place this password in an online interactive password tool such as the Gibson Research Brute Force Search Space Calculator, you can see it is difficult to compromise.
Another option is to use a quote for a passphrase. Let’s use Albert Einstein’s: A person who never made a mistake, never tried anything new and never will. Form it into the following passphrase with at least 12 characters and use a capital letter(s), number(s) and special character(s): ApWnM@Mn2aN@Nw. The password becomes even more secure.
What is a Password Safe?
Remembering new passwords is a complicated, tiresome, and challenging process. However, the principles remain the same. Would you allow uninvited guests easy access into your home? The more improved and robust the security apparatus, the more complicated it will be for someone to maliciously gain access to it.
A password safe is an encrypted sensitive information manager that stores passwords and other forms of private credentials. The software requires the user to create a master password to ensure maximum password security and authentication.
There are many different versions of password managers. My recommendation is for users, employers, and organizations to look for a software design that fits your specific requirements based on price and functionality. For instance, some password managers offer ‘Two-Factor Authentication’ while other products detect ‘Password-Change’ events that automatically update your existing records. You must decide which product will serve you best.
You can learn more about password managers in this article by PC Magazine which compares the best password managers for 2016. If you are looking for an affordable solution, one consideration is the free password manager, KeePass.
Utilizing a password manager will help enhance the layers of protection towards safeguarding against cybersecurity breaches. Remember, proper password protocol and employee training should always be part of any organizations onboarding process.
How Often Should I Change my Password?
Security expert Bruce Schneier points out that “In most cases today’s attackers won't be passive. If they get your bank account login, they won't wait two months hanging around, but will transfer the money out of your account right away. In the case of private networks, a hacker might be stealthier and stick around eavesdropping, but he's less likely to continue to use your stolen password and will instead install backdoor access.” Therefore, regular password changes won't do much for either of those cases. It is worth noting that in both cases, you should always change your password immediately in an effort to mitigate further compromise.
In today's crazy hacker-friendly system, frequent password changes are less relevant than ever. NIST says that password expiration policies are "irrelevant for mitigating cracking," because not only are hackers totally on to our clever password tricks, they've got more advanced hardware and software.
Is it necessary to change your password often? The answer is probably open for interpretation. I for one think it is highly necessary. However, if changing your password leads to creating a weak insecure one, then perhaps creating a strong secure password from the beginning is the better alternative.
Thank you for joining me in my conquest to educate people about IT Security. For more on the latest IT and Cyber Security information, follow me on twitter @istonish, check out our blog or email your questions to info@Istonish.com.